Hi,
Running net48xx-1.231.img,
I'm finding in the logs many many instances of
Aug 10 09:17:20 z.z.z.z ipmon[88]: 09:17:19.816759 2x sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:19 z.z.z.z ipmon[88]: 09:17:18.989225 sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:18 z.z.z.z ipmon[88]: 09:17:18.316930 sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:17 z.z.z.z ipmon[88]: 09:17:16.816692 2x sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:16 z.z.z.z ipmon[88]: 09:17:15.989176 sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Where z.z.z.z is the Soekris box running m0n0wall and x.x.x.0 is the RFC1918 private network on port sis2.

This udp port 8116 is a Checkpoint clustering protocol which can't be turned off without also losing functionality. It doesn't need to get to the x.x.x.0 network so I want it blocked, but the logging is too much. I want to continue blocking these packets at the m0n0wall without logging, but still log any other firewall events.
Rule 0:21 is
block in log quick on sis2 any to any
and appears to take precedence over any rules I put on the sis2 interface.
So the question is, how can I put in a rule to block these packets but not log doing so AND have that rule be processed before the 0:21 rule?
-dean takemori
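
An added example, not part of the original post: a Python tally of ipmon lines in the format quoted above, grouped by interface, rule, action, protocol and destination port, so the share of log volume from one rule and port is visible. It honors the "2x" repeat prefix and rejoins mail-wrapped lines; the sample input is constructed, and the 192.0.2.7 TCP line is an assumed entry added for contrast.

```python
import re
from collections import Counter

# Constructed sample: two lines in the post's format (one wrapped as in the
# mail) plus one assumed TCP line that is not from the post.
SAMPLE = """\
Aug 10 09:17:20 z.z.z.z ipmon[88]: 09:17:19.816759 2x sis2 @0:21 b 0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:19 z.z.z.z ipmon[88]: 09:17:18.989225 sis2 @0:21 b
0.0.0.0,8116 -> x.x.x.0,8116 PR udp len 20 64 IN
Aug 10 09:17:18 z.z.z.z ipmon[88]: 09:17:18.316930 sis2 @0:21 b 192.0.2.7,40000 -> x.x.x.5,22 PR tcp len 20 60 -S IN
"""

# time [Nx] iface @group:rule action src[,port] -> dst[,port] PR proto ...
IPMON = re.compile(
    r"ipmon\[\d+\]: \S+ (?:(?P<count>\d+)x )?(?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>\S+?)(?:,(?P<sport>\d+))? -> (?P<dst>\S+?)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\S+) "
)

def unwrap(text):
    """Rejoin records that a mail client or pager split across lines."""
    records = []
    for line in text.splitlines():
        if "ipmon[" in line or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Count logged packets per (iface, rule, action, proto, dport)."""
    hits = Counter()
    for rec in unwrap(text):
        m = IPMON.search(rec)
        if not m:
            continue  # not an ipmon packet record
        n = int(m["count"] or 1)  # "2x" means the entry was seen twice
        key = (m["iface"], f'@{m["group"]}:{m["rule"]}',
               m["action"], m["proto"], m["dport"])
        hits[key] += n
    return hits

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```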